The need for secure, scalable, and flexible internet applications and services is increasing rapidly in the wireless world. As wireless internet applications become common, there is a huge opportunity for appliances which can handle authentication and encryption mechanisms, as well as accelerate security-related functions.
In the wireless internet world, Wireless Transport Layer Security (WTLS) provides privacy and integrity for communications, using encryption and authentication functionality. The WTLS handshake protocol of the WAP (Wireless Access Protocol) forum establishes a secure connection between the client and the server by allowing the server to authenticate itself to the client by sending over its certificate. Likewise, the client can authenticate itself by sending its certificate (or a link to it) if client authentication is requested by the server.
In the wired internet world, security can be provided in the form of SSL (Secure Sockets Layer). SSL is a protocol that supports authentication of client and/or server, as well as encryption during a communications session.
As each generation of networks becomes more sophisticated, applications must be secure for both the wired and wireless internet. Under the current state of technology of the wireless internet, security-related functions may take place at the WAP gateway. However, this does not provide an end-to-end solution—since the user request is intercepted at the WAP gateway, the user can authorize the gateway, but not the server.
One solution to this problem, which also applies to the wired internet, is to offload security-related functions, including encryption and authentication, to the servers in these networks. However, this leaves the servers with less processing power for data processing and for content, for instance, to be provided to clients.
While some vendors provide security-related functions outside of the servers, these offerings are only partial security solutions. For example, although nCipher of Woburn, Mass. provides the encryption service external to the servers, it does not provide the authentication service.